We take a few minutes to relate what NIST is, opportunities to work with or at NIST, and the Software Assurance Metrics And Tool Evaluation (SAMATE) project, with efforts such as a workshop on Statistics, the Universe of Programs, and Everything Relevant. Although assurance cannot be tested into software, software assessment can provide an additional component of assurance.  Assessment can be broadly classified as static analysis or dynamic analysis (testing), which have different strengths and which complement each other. Planning for the fifth Static Analysis Tool Exposition (SATE V) is in progress to deepen our understanding of code vulnerabilities, weaknesses, and the abilities and limits of automated tools.

We end with a description of the SAMATE Reference Dataset (SRD), a public repository of over 60,000 reference programs.  We describe some of the test suites and suggest ways they may help calibrate metrics and assessment techniques.

Bio

Dr. Black has nearly 20 years of industrial experience in areas such as developing software for IC design and verification, assuring software quality, and managing business data processing.  He is a Computer Scientist for the National Institute of Standards and Technology (NIST) in the Systems and Software Division of the Information Technology Laboratory.

Black earned a Ph.D. at Brigham Young University in 1998.  He has taught classes at Brigham Young University and Johns Hopkins University. He has published in the areas of static analysis, software testing, formal methods, software verification, quantum computing, and computer forensics.